(57) Abstract: System for protected storage in a TTP server. A file (Txt) is transmitted from a first (A) to a second user (B) af-
session key (SesKey) is also enciphered by the first user with the public key (PubKeyTTP) of the TTP server which, after having received it, deciphers said session key with his private key (SecKeyTTP). The TTP server subsequently enciphers the session key (SesKey) and the (original) public key (PubKeyA) of the first user (A) with a "public" storage key (PubStorKey). The enciphered session key ((SesKey)PubStorKey) and public key ((PubKeyA)PubStorKey) of the first user are stored, together with the enciphered file ((Txt)SesKey), in a storage medium (DB). They are recoverable by the TTP, by deciphering with the private storage key (SecStorKey), and may be transmitted after having been enciphered with the current public keys (PubKeyA' or PubKeyB', as the case

System for protected storage and management in a TTP server.

BACKGROUND OF THE INVENTION 

The invention relates to a system for protected storage and management in a TTP server [TTP = Trusted Third Party] of copies of digital files transmitted, by way of a transmission channel, from a first to a second user.

The invention relates, in other words, to a timeless key and storage system for the benefit of the long-term storage of electronically exchanged (digitally protected) information and protectedly making available (secure retrieving) the stored data.

The few known systems have the following drawbacks:
1) Current protection techniques guarantee resistance to cracking only for a restricted duration.
2) Limited protection guarantees prior to, during and after long-term storage.
3) Much storage space and effort are required for key management.
4) Protected long-term storage and the associated key and storage management is now either not regulated or very complex in setup.
5) Due to the ever changing software and hardware, it is very difficult to guarantee electronic timelessness.

SUMMARY OF THE INVENTION

The object of the invention is to overcome said drawbacks. For this purpose, the invention provides for a system having means for carrying out the functionalities "Secure Archiving", "Re-encryption" and "Secure Retrieval", which will be discussed below. In this connection, the optional items "Digital Sign" and "Time Stamp" will be discussed separately.

"Secure Archiving"

If, according to the current state of the art, a file is transmitted from a first user to a second user in a safe way, the file is enciphered with a symmetrical session key, which in its turn is enciphered with the public key of the second user. Said second user may decipher the session key with his private key and decipher the file itself with the session key deciphered in this manner.

According to the invention, the session key is also enciphered by the first user with the public key of an "in-line" TTP server (i.e., included in the transmission channel between the first and second users), which TTP server deciphers the session key received with his private key. Thereafter, the TTP server enciphers the deciphered session key with a "public" storage key. The session key enciphered with said public storage key and the file enciphered with the session key are subsequently stored in a storage medium of the TTP.

It should be noted that above and below there is spoken of public and private keys. These are generally known. In general, a public and a private key constitute an asymmetric pair of keys. If a file or a code is enciphered with the public key of an asymmetric pair of keys, said file or code may be deciphered only with the help of the associated private key and vice versa. In general, the public keys are available to the public by way of a publicly accessible database, such as www.pgp.com. In the present application, it is assumed that the users and the TTP each dispose of a pair of keys, each consisting of a public and a private key, and in particular intended for protecting the mutual data exchange of the files and codes. In addition, the TTP disposes of a pair of keys which is used within the TTP only; the "public" and private keys serve for protected storage or recovery ("secure retrieval"), as the case may be, of files and codes. The public storage key is not, as is normally the case for public keys, put at the disposal of the public.

"Re-encryption"

By way of "periodic maintenance" - from security considerations - the TTP server may at regular points in time store the file once again in the storage medium. For this purpose, the session key with which the file was enciphered is first recovered by deciphering - with the private storage key - the stored (enciphered) session key. Subsequently, the enciphered file stored in the storage medium is deciphered with the recovered session key.

The TTP server then generates a new asymmetric pair of storage keys, consisting of a new public storage key (which is not made available outside the TTP) and a new private storage key, and a new version of the symmetrical session key, whereafter the TTP enciphers the deciphered file with the new session key and stores it in the storage medium.

The TTP also enciphers the new session key with the new public storage key and stores said enciphered session key in the storage medium.

"Secure Retrieval" 

For protected recovery of the stored file, and transmission thereof to the first and/or second user, the symmetrical session key is recovered from the storage medium by deciphering, with the private storage key, the stored enciphered session key. The recovered session key is subsequently enciphered with the current public key of the first or second user, as the case may be, and transmitted to said user by way of the transmission channel, together with a copy of the file stored in the storage medium, enciphered with the session key. After having received the enciphered session key, the user may recover the session key therefrom by deciphering with his private key. Subsequently, the user may decipher the file enciphered with the session key using the recovered session key.

"Digital Sign"

The public key of the first user may - as is well-known - be used to verify a digital signature of the file. A problem arises if - which frequently occurs - the first user at a certain point in time, after the file has been stored in the TTP server, generates a new pair of keys (comprising a public and a private key) and discontinues the old one. For this reason, it is of importance to store the (original) public key of the first user in the TTP server, since only said original key may be used for verifying the digital signature of the stored, later retrievable file.

For this case, the TTP server, after having received the enciphered file, also enciphers the - at that point in time publicly available - public key of the first user, with the public storage key, and stores said enciphered public key in the storage medium.

Periodically, the TTP server - as "periodical maintenance" - deciphers the enciphered (original) public key of the first user, stored in the storage medium, with the private storage key, and enciphers the deciphered public key of the first user with the newly generated public storage key, and stores said freshly enciphered key in the storage medium.

The public key of the first user may - upon retrieving the stored file - be recovered from the storage medium by deciphering, with the private storage key, said stored key. The public key of the first user recovered in this manner is subsequently enciphered with the - at that point in time publicly available - public key of the retrieving first or second user, and transmitted by way of the transmission channel. After having received said enciphered public key, the user may recover the original public key of the first user by deciphering with his current private key; subsequently, the digital signature of the recovered file may be verified using the recovered original public key of the first user.

"Time Stamp"

If so desired, the TTP server, after the enciphered file has been received and stored, may generate a time stamp and store it, linked to the stored file and enciphered with the public storage key, in the storage medium. In the event of retrieving the stored file by the first or second user, the time stamp is deciphered and subsequently enciphered with the public key valid for said user and transmitted to the user. The user may decipher the enciphered time stamp with his current private key.

DESCRIPTION OF THE FIGURES

Below, the invention is illustrated in further detail by reference to several figures. Figures 1, 2 and 3 illustrate the functions "Secure Archiving", "Re-encryption" and "Secure Retrieval", including the items "Digital Sign" and "Time Stamp".

FIG. 1: "Secure Archiving"

A file Txt is transmitted from a first user A to a second user B after having been enciphered with a symmetrical session key SesKey. Said session key is enciphered with the public key PubKeyB of the second user. The latter may decipher the session key with his private key SecKeyB and the file itself with the deciphered session key.

The session key is also enciphered by the first user with the public key of the TTP server PubKeyTTP, which, after having received it, deciphers said session key with his private key SecKeyTTP. Thereafter the TTP server enciphers the deciphered session key with a "public" storage key PubStorKey of the TTP.

The (transmission) keys of the users A and B each form an asymmetrical pair of keys, KeyPairA and KeyPairB, respectively, consisting of PubKeyA and SecKeyA, and PubKeyB and SecKeyB, respectively. The TTP uses the pair of keys KeyPairTTP, consisting of PubKeyTTP and SecKeyTTP. Finally, for protected storage the TTP uses an asymmetrical pair of keys StorKeyPair, consisting of the keys PubStorKey and SecStorKey; contrary to the preceding public keys, neither PubStorKey nor SecStorKey is publicly available, but both are used exclusively within the TTP.

The session key (SesKey)PubStorKey enciphered with the public storage key PubStorKey and the file (Txt)SesKey enciphered with the session key SesKey are subsequently stored in the storage medium DB of the TTP.

"Digital Sign"

The public key PubKeyA of the first user A may be used to verify a digital signature DigSign of the file Txt. In this case, the TTP server, after having received the enciphered file (Txt)SesKey, also enciphers the - at that point in time publicly available - public key PubKeyA of the first user A, with the public storage key PubStorKey, and stores said enciphered public key (PubKeyA)PubStorKey in the storage medium DB.

"Time Stamp"

After having received and stored the enciphered file (Txt)SesKey, the TTP server may generate a time stamp TStamp and store it, after enciphering with the public storage key PubStorKey and linked to the stored file, in the storage medium DB as (TStamp)PubStorKey.

FIG. 2: "Re-encryption"

As "periodical maintenance", the TTP server deciphers the enciphered file (Txt)SesKey stored in the storage medium with the session key SesKey, which for that purpose is recovered by deciphering the stored session key (SesKey)PubStorKey with the private storage key SecStorKey. The TTP server subsequently generates a fresh pair of storage keys StorKeyPair', comprising a new "public" storage key PubStorKey' and a new private storage key SecStorKey', as well as a new version of the symmetrical session key SesKey'. The TTP subsequently enciphers the deciphered file Txt with the new session key SesKey' and stores the file (Txt)SesKey' enciphered in this manner in the storage medium DB.

The TTP also enciphers the new session key with the new public storage key PubStorKey' and stores the session key (SesKey')PubStorKey' enciphered in this manner in the storage medium DB.

"Digital Sign"

During the periodical maintenance, the TTP server also deciphers the enciphered public key (PubKeyA)PubStorKey of the first user stored in the storage medium with the private storage key SecStorKey, and subsequently enciphers the deciphered public key PubKeyA with the newly generated public storage key PubStorKey' and stores the public key (PubKeyA)PubStorKey' enciphered in this manner in the storage medium.

"Time Stamp"

During the periodical maintenance, the TTP server also deciphers the enciphered time stamp (TStamp)PubStorKey stored in the storage medium with the private storage key SecStorKey, and subsequently enciphers the deciphered time stamp with the newly generated public storage key PubStorKey' and stores the time stamp (TStamp)PubStorKey' enciphered in this manner in the storage medium.

FIG. 3: "Secure Retrieval"

For protected recovery of the file Txt, and the transmission thereof to the first and second users A and B, respectively, the symmetrical session key SesKey is recovered from the storage medium by deciphering, with the private storage key SecStorKey, the stored enciphered session key (SesKey)PubStorKey. The recovered session key SesKey is subsequently enciphered with the then current public key PubKeyA' or PubKeyB', as the case may be, of the querying first or second user A or B, as the case may be, and transmitted to said user by way of the transmission channel, together with a copy of the file stored in the storage medium, with the user, after having received the enciphered session key (SesKey)PubKeyA' or (SesKey)PubKeyB', being capable of recovering the session key therefrom by deciphering, with his private key SecKeyA' or SecKeyB', as the case may be, and subsequently being capable of deciphering the file (Txt)SesKey using the recovered session key.

"Digital Sign"

The original public key PubKeyA of the first user, necessary for verifying the digital signature of the recovered file, may be recovered from the storage medium by deciphering, with the private storage key SecStorKey, the stored public key (PubKeyA)PubStorKey of the first user enciphered with the public storage key. The deciphered public key PubKeyA of the first user recovered in this manner is subsequently enciphered with the current public key PubKeyA' or PubKeyB', as the case may be, of the retrieving first or second user A or B, as the case may be, and transmitted to the user by way of the transmission channel. After having received said enciphered public key (PubKeyA)PubKeyA' or (PubKeyA)PubKeyB', as the case may be, the user may recover the original public key PubKeyA of the first user therefrom by deciphering, with his current private key SecKeyA' or SecKeyB', as the case may be. Subsequently, the digital signature DigSign of the file Txt may be verified using the recovered public key PubKeyA of the first user.

It should be noted that it is preferable to - otherwise than is shown in FIG. 3 - not transmit the digital signature DigSign unenciphered to the first or second user, as the case may be, but enciphered with the current public key of user A or B, as the case may be: instead of "DigSign", the TTP server then transmits "(DigSign)PubKeyA'" or "(DigSign)PubKeyB'", as the case may be. At the user's side, the digital signature may be recovered by deciphering, with the private keys of A and B, SecKeyA' and SecKeyB', respectively.

"Time Stamp"

When the stored file is retrieved by the first or second user, the time stamp is first retrieved by deciphering (TStamp)PubStorKey with the private storage key SecStorKey. The recovered time stamp is subsequently enciphered with the user's current public key PubKeyA' or PubKeyB', as the case may be, and transmitted to said user. Thereafter, the user may decipher the enciphered time stamp (TStamp)PubKeyA' or (TStamp)PubKeyB', as the case may be, with his current private key SecKeyA' or SecKeyB', as the case may be.
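The three functions of FIG. 1 to 3, as an added Go model that is not code from the patent: it covers the session key and the file only (the "Digital Sign" and "Time Stamp" items are left out), assumes AES-256-GCM and RSA-OAEP where the text leaves the ciphers unspecified, and all function and variable names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

type Record struct{ CipherTxt, WrappedSesKey []byte } // one DB row: (Txt)SesKey, (SesKey)PubStorKey
func randBytes(n int) []byte  { b := make([]byte, n); rand.Read(b); return b }            // key or nonce
func genKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k } // any KeyPair

func seal(key, plain []byte) []byte { // AES-256-GCM: stand-in for the page's unspecified symmetric cipher
	blk, _ := aes.NewCipher(key) // keys are 32 bytes by construction
	gcm, _ := cipher.NewGCM(blk)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
}
func open(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	n := gcm.NonceSize()
	if len(ct) < n { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, ct[:n], ct[n:], nil) // fails on a wrong key or a tampered file
}
func wrap(pub *rsa.PublicKey, key []byte) ([]byte, error) { // RSA-OAEP: stand-in for the asymmetric cipher
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}
func unwrap(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// Archive (FIG. 1): recover SesKey with SecKeyTTP, re-wrap it with PubStorKey, store beside (Txt)SesKey.
func Archive(ttp, stor *rsa.PrivateKey, sesForTTP, cipherTxt []byte) (Record, error) {
	ses, err := unwrap(ttp, sesForTTP)
	if err != nil { return Record{}, err }
	w, err := wrap(&stor.PublicKey, ses)
	return Record{CipherTxt: cipherTxt, WrappedSesKey: w}, err
}
// Reencrypt (FIG. 2): periodic maintenance; store again under a fresh SesKey' and a fresh StorKeyPair'.
func Reencrypt(oldStor *rsa.PrivateKey, r Record) (Record, *rsa.PrivateKey, error) {
	ses, err := unwrap(oldStor, r.WrappedSesKey)
	if err != nil { return Record{}, nil, err }
	txt, err := open(ses, r.CipherTxt)
	if err != nil { return Record{}, nil, err }
	newStor := genKey()
	newSes := randBytes(32)
	w, err := wrap(&newStor.PublicKey, newSes) // (SesKey')PubStorKey'
	return Record{CipherTxt: seal(newSes, txt), WrappedSesKey: w}, newStor, err
}
// Retrieve (FIG. 3): hand SesKey to the requesting user under that user's current public key.
func Retrieve(stor *rsa.PrivateKey, userPub *rsa.PublicKey, r Record) ([]byte, []byte, error) {
	ses, err := unwrap(stor, r.WrappedSesKey)
	if err != nil { return nil, nil, err }
	w, err := wrap(userPub, ses)
	return w, r.CipherTxt, err
}
// Demo runs archive, re-encryption and retrieval on a constructed file; returns the original and B's copy.
func Demo() ([]byte, []byte, error) {
	ttp, stor, userB := genKey(), genKey(), genKey() // KeyPairTTP, StorKeyPair, B's current KeyPairB'
	txt, ses := []byte("constructed sample file Txt"), randBytes(32) // Txt and A's SesKey
	sesForTTP, _ := wrap(&ttp.PublicKey, ses)                         // (SesKey)PubKeyTTP sent by A
	rec, err := Archive(ttp, stor, sesForTTP, seal(ses, txt))
	if err != nil { return nil, nil, err }
	rec, stor, err = Reencrypt(stor, rec)
	if err != nil { return nil, nil, err }
	sesForB, ct, err := Retrieve(stor, &userB.PublicKey, rec)
	if err != nil { return nil, nil, err }
	sesB, err := unwrap(userB, sesForB) // B applies SecKeyB'
	if err != nil { return nil, nil, err }
	recovered, err := open(sesB, ct)
	return txt, recovered, err
}
```

Note that after Reencrypt the old SecStorKey can no longer open anything in DB, which is the point of the maintenance step; the authenticated mode also makes a tampered stored file fail at re-encryption rather than being silently re-stored.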
CLAIMS

1. System for protectedly storing and managing, in a TTP server, copies of digital files which are transmitted, by way of a transmission channel, from a first to a second user, characterised in that

a file (Txt) is transmitted from the first user (A) to a second user (B) after having been enciphered with a symmetrical session key (SesKey), which session key is enciphered using the public key (PubKeyB) of a first asymmetrical pair of keys (KeyPairB) associated with the second user, which second user, after having received it, may decipher the session key using the private key (SecKeyB) of said first asymmetrical pair of keys (KeyPairB) and subsequently may decipher the file using the session key deciphered in this manner, the session key (SesKey) also being enciphered by the first user (A) using the public key (PubKeyTTP) of a second asymmetrical pair of keys (KeyPairTTP) associated with the TTP server, which TTP server, after having received it, deciphers said session key using the private key (SecKeyTTP) from said second asymmetrical pair of keys (KeyPairTTP), whereafter the TTP server enciphers the deciphered session key (SesKey) using the public key of a third asymmetrical pair of keys (StorKeyPair), hereinafter to be referred to as public storage key (PubStorKey), and stores the session key ((SesKey)PubStorKey) enciphered with said storage key, together with the file ((Txt)SesKey) enciphered with the session key (SesKey), in a storage medium (DB).

2. System according to claim 1, characterised in that, periodically,

the TTP server deciphers the enciphered file ((Txt)SesKey) stored in the storage medium with the session key (SesKey), which for that purpose is recovered in advance by deciphering the stored enciphered session key ((SesKey)PubStorKey) with the private key of the third pair of keys (StorKeyPair), hereinafter to be referred to as the private storage key (SecStorKey);

the TTP server subsequently generates a new version of the third pair of keys, comprising a new public storage key (PubStorKey') and a new private storage key (SecStorKey'), and a new version of the symmetrical session key (SesKey'), whereafter the TTP enciphers the deciphered file (Txt) with the new session key (SesKey') and stores the file ((Txt)SesKey') enciphered in this manner in the storage medium (DB);

the TTP server enciphers the new session key (SesKey') with the new public storage key (PubStorKey') and stores the session key ((SesKey')PubStorKey') enciphered in this manner in the storage medium (DB).

3. System according to claim 1, characterised in that, for protected recovery of the file (Txt) and transmission thereof to the first user (A) or the second user (B), as the case may be, the symmetrical session key (SesKey) is recovered from the storage medium by deciphering, with the private storage key (SecStorKey), the stored enciphered session key ((SesKey)PubStorKey), whereafter the recovered session key (SesKey) is subsequently enciphered with the current public key (PubKeyA' or PubKeyB', as the case may be) of the first or second user (A or B, as the case may be), and is transmitted to the user by way of the transmission channel, together with a copy of the file ((Txt)SesKey) stored in the storage medium, with the user, after having received the enciphered session key ((SesKey)PubKeyA' or (SesKey)PubKeyB', as the case may be), being capable of recovering the session key therefrom by deciphering using the user's private key (SecKeyA' or SecKeyB', as the case may be), and subsequently being capable of deciphering the enciphered file ((Txt)SesKey) using the recovered session key.

4. System according to claim 1, the public key (PubKeyA) of the first user (A) being used to verify a digital signature (DigSign) of the file (Txt), characterised in that the TTP server, after having received the enciphered file ((Txt)SesKey), also enciphers the then current public key (PubKeyA) of the first user (A) using the public storage key (PubStorKey), and stores said enciphered public key ((PubKeyA)PubStorKey) in the storage medium (DB).
5. System according to claim 4, characterised in that, periodically,

the TTP server deciphers the enciphered public key (PubKeyA) of the first user stored in the storage medium with the private storage key (SecStorKey);

the TTP server subsequently generates a new version of the third pair of keys, comprising a new public storage key (PubStorKey') and a new private storage key (SecStorKey');

the TTP server enciphers the deciphered public key (PubKeyA) of the first user with the new public storage key (PubStorKey') and stores said public key ((PubKeyA)PubStorKey'), enciphered in this manner, in the storage medium.

6. System according to claim 4, characterised in that the public key (PubKeyA) of the first user is recovered from the storage medium by deciphering, with the private storage key (SecStorKey), the stored enciphered public key ((PubKeyA)PubStorKey) of the first user,

that said original public key (PubKeyA) recovered in this manner is subsequently enciphered with the current public key (PubKeyA' or PubKeyB', as the case may be) of the first or second user (A or B, as the case may be), and is transmitted by way of the transmission channel to the first or second user, as the case may be, with the user, after having received said enciphered public key ((PubKeyA)PubKeyA' or (PubKeyA)PubKeyB', as the case may be) being capable of recovering the original public key (PubKeyA) of the first user therefrom by deciphering with his current private key (SecKeyA' or SecKeyB', as the case may be), and subsequently being capable of verifying the digital signature (DigSign) of the file (Txt) using the original public key (PubKeyA) of the first user recovered in this manner.

7. System according to claim 6, characterised in that the digital signature (DigSign) is enciphered with the current public key (PubKeyA' or PubKeyB', as the case may be) of the first or second user (A or B, as the case may be), and is transmitted to said first or second user, as the case may be, whereafter the receiving user recovers the digital signature by deciphering the received, enciphered digital signature ((DigSign)PubKeyA' or (DigSign)PubKeyB', as the case may be) with his private key (SecKeyA' or SecKeyB', as the case may be).

8. System according to claim 1, characterised in that the TTP server, after having received the enciphered file ((Txt)SesKey), generates a time stamp (TStamp) and stores it, linked to the stored file and enciphered with the public storage key (PubStorKey), in the storage medium (DB).

9. System according to claim 8, characterised in that, in the event of retrieving the stored file by the first or second user (A or B, as the case may be), the enciphered time stamp ((TStamp)PubStorKey) is recovered by deciphering with the private storage key (SecStorKey), the recovered time stamp is subsequently enciphered with the current public key (PubKeyA' or PubKeyB', as the case may be) for the querying user, and is transmitted to said user, whereafter the user may decipher the enciphered time stamp ((TStamp)PubKeyA' or (TStamp)PubKeyB', as the case may be) with the private key (SecKeyA' or SecKeyB', as the case may be) current for said user.